Replaces the bespoke chattr/bind-mount/systemd-watcher implementations for /etc/hosts and /etc/shutdown-schedule.conf with the new shared guard-lib (~/guard-lib, guardctl), so screen-locker and steam-backlog-enforcer's new block-gaming feature stop maintaining parallel copies of the same tamper-resistance mechanism. - pacman_wrapper.sh: pre/post hook fallbacks now call guard-lib's generic unlock-all/relock-all scripts (covers every registered guard instance, not just /etc/hosts) - setup_midnight_shutdown.sh: installs/updates its guarded config via guardctl file-guard instead of hand-rolled chattr + systemd unit generation; the schedule ratchet logic (block-if-more-lenient) stays bespoke since guardctl's generic unlock can't represent it - new hosts/guard/plugins/nsswitch-plugin.sh, resolved-plugin.sh Also fixes, at user's request even though pre-existing: 3 shellcheck SC2329 false positives in pacman_wrapper.sh (functions invoked indirectly by name, not actually dead) and 1 SC2001 style warning (echo|sed VM-name extraction replaced with parameter expansion, verified equivalent output). Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01AFNiYQQgSLAkiBXswyimPq
#!/bin/bash
# guard-lib plugin for the "nsswitch" file-guard instance.
# Ensures /etc/nsswitch.conf's "hosts:" line always contains "files"
# before "dns", preventing bypass of /etc/hosts blocking. Translated from
# the pre-guard-lib enforce-nsswitch.sh - see that file's git history for
# the original standalone version.
#######################################
# Check that the "hosts:" line of an nsswitch.conf-style file lists
# "files" and, when "dns" is also listed, that the first "files" comes
# before the first "dns".
# Arguments: $1 - path of the file to inspect
# Returns:   0 if the line is acceptable; 1 if the file has no "hosts:"
#            line (or cannot be read), lacks "files", or has "dns"
#            ahead of "files"
# NOTE(review): only the "dns" source is ordered against "files" here.
# Other resolving sources placed ahead of "files" (e.g. "resolve") are
# not examined by this check - presumably covered elsewhere; confirm.
#######################################
validate() {
  local file="$1"
  local hosts_line files_off dns_off

  # Read errors are silenced on purpose: an unreadable or missing file
  # is reported the same way as a file without a "hosts:" line.
  hosts_line="$(grep '^hosts:' "$file" 2>/dev/null || true)"
  if [[ -z "$hosts_line" ]]; then
    return 1
  fi

  # "files" has to appear as a whole word somewhere on the line.
  grep -qw "files" <<<"$hosts_line" || return 1

  # With no "dns" source there is nothing to order against.
  grep -qw "dns" <<<"$hosts_line" || return 0

  # Byte offsets of the first whole-word occurrence of each source.
  files_off=$(grep -bo '\bfiles\b' <<<"$hosts_line" | head -1 | cut -d: -f1)
  dns_off=$(grep -bo '\bdns\b' <<<"$hosts_line" | head -1 | cut -d: -f1)

  if [[ -z "$files_off" || -z "$dns_off" ]]; then
    return 0
  fi
  if [[ "$dns_off" -lt "$files_off" ]]; then
    return 1
  fi

  return 0
}
# Only called when no canonical copy exists yet to restore from instead.
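#######################################
# In-place repair of the "hosts:" line in the guarded file: puts
# "files" directly in front of the first standalone "dns" source, or,
# when there is no standalone "dns", directly after "hosts:".
# Globals:   TARGET (read) - path of the file to repair
# Returns:   1 if TARGET is unset or empty, otherwise the status of sed
#######################################
emergency_fix() {
  # An empty TARGET would only produce confusing grep/sed errors.
  [[ -n "${TARGET:-}" ]] || return 1

  # Clear the immutable bit so sed -i can replace the file. Failure is
  # ignored on purpose (flag not set, or filesystem without attributes).
  # NOTE(review): nothing in this function sets the flag again -
  # presumably the caller relocks afterwards; confirm.
  chattr -i "$TARGET" 2>/dev/null || true

  # Match "dns" only as a whole word. A plain substring match also hit
  # names such as "mdns4_minimal" and rewrote them into
  # "mfiles dns4_minimal", leaving a line that still fails validation.
  if grep -q '^hosts:.*\bdns\b' "$TARGET"; then
    # No leading ".*", so the FIRST standalone "dns" on the line is the
    # one that gets "files" in front of it.
    sed -i '/^hosts:/ s/\bdns\b/files dns/' "$TARGET"
  else
    # Covers the "resolve" case as well: the former resolve-specific
    # substitution produced exactly this result.
    sed -i 's/^hosts:/hosts: files/' "$TARGET"
  fi
  # NOTE(review): a file with no "hosts:" line at all is left unchanged
  # here, so it will keep failing validation - confirm that the caller
  # handles that case.
}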